[NBLUG/talk] reporting a bug in a major distro

Steve Johnson srj at adnd.com
Sat Aug 23 22:43:00 PDT 2003


The honest thing would be to contact the author; if he doesn't follow up 
on it, then report it to CERT.

Exploiting it would be bad.

Oh, and yes I would do the honest thing.


-Steve


error wrote:
> On Sat, 2003-08-23 at 21:55, Jeremy Turner wrote:
> 
>>On Sat, 2003-08-23 at 21:38, error wrote:
>>
>>>What if I told you that I had found a huge bug in a major distro.
>>
>>The beauty of open source is you know the email of the author.  You can
>>send an email detailing the exact sequence and how you can root the
>>boxen.
>>
>>If it indeed is a major security hole, the authors could make the
>>necessary changes (unless you included a patch to fix it) and push out
>>changes to the various distributions.
> 
> 
> I am more looking for what you would do.
> 
> Would you report it to that email?
> Would you take it to full disclosure or bugtraq and cc them?
> 
> Would you package a set of tools to exploit it? ;-p
> 




